
I have 2 servers: app1.example.biz & app2.example.biz. I need to do the following using apache2 as a reverse proxy: redirect all traffic coming from the internet to the appropriate server & use SSL. The configuration I did allows me to redirect app1.example.biz to https app1.example.biz & I can access the server. The problem is that I can't do the same for app2.example.biz: when I type app2.example.biz it redirects me to https app1.example.biz!! PS: I can't post more than two hyperlinks because I'm a new user, but my config is correct.


<VirtualHost *:80>
   ServerName app1.example.biz/
    Redirect / https app1.example.biz/

</VirtualHost>

<VirtualHost *:443>

ServerName app1.example.biz
ServerAlias app1.example.biz

ProxyPass / http app1.example.biz/
ProxyPassReverse / http app1.example.biz/
SSLEngine on
SSLCertificateFile    /etc/ssl/servwiki.crt
SSLCertificateKeyFile /etc/ssl/servwiki.key
SSLVerifyClient none

</VirtualHost>

#<VirtualHost *>
#    ServerName app2.example.biz/
#    Redirect / https  app2.example.biz/
#</VirtualHost>

<VirtualHost *>
ProxyPreserveHost On
ServerName  app2.example.biz
ServerAlias  app2.example.biz

ProxyPass / http app2.example.biz/
ProxyPassReverse / http app2.example.biz/
SSLEngine on
SSLCertificateFile    /etc/ssl/servwiki.crt
SSLCertificateKeyFile /etc/ssl/servwiki.key
SSLVerifyClient none

</VirtualHost>

I tried:
1/ using NameVirtualHost:80 & NameVirtualHost:443
2/ naming each virtual host like this
3/ adding

 <VirtualHost *>
ServerName www.example.biz
DocumentRoot /usr/local/apache/htdocs
#SSLEngine on
#SSLCertificateFile    /etc/ssl/servwiki.crt
#SSLCertificateKeyFile /etc/ssl/servwiki.key
#SSLVerifyClient none
</VirtualHost>

This solves the problem of redirecting http app1.example.biz & http app2.example.biz to the corresponding server, but it doesn't work with SSL!

plzzzzz help

Khaled
user124650

1 Answer

Presumably, you're missing :443 in your second virtual host configuration (I'm not sure whether this is just a copy/paste error here).

The next problem you're going to face is that you will need to be able to handle multiple hosts on SSL/TLS. For this, you will need the server to present a valid certificate for that host name during the SSL/TLS handshake, before any HTTP request/response is sent. This can be done using one of the following techniques:

  • Use a single IP address and a single certificate valid for all the hosts you want to serve at the same time. This could be achieved with a certificate with multiple Subject Alternative Name entries (app1.example.biz and app2.example.biz), sometimes called UCC, or a wildcard certificate (e.g. *.example.biz, but their use is discouraged).
  • Use distinct IP addresses for each host, if you can. In this case, don't rely on NameVirtualHost for HTTPS, but set the IP addresses in each virtual host entry, and configure each virtual host section with its certificate.
  • Use a single IP address and multiple certificates, but your client will need to support the Server Name Indication extension. (This is not supported by any version of IE on Windows XP, some mobile clients, and Java 6, for example.) How to configure it on Apache Httpd is documented on this page.
Bruno
  • Thanks Bruno, I guess the second suggestion suits me, I have distinct IP addresses and certificates for each virtual host. But as I said earlier, when I try to access app2.example.biz it redirects me to app1.example.biz! This is my main problem right now :// – user124650 Jun 14 '12 at 10:22
  • Put each IP address in the right virtualhost section (`` for example) instead of `*`, and make sure the DNS resolution points the host name to the correct IP address in each case. (You also seem to be using the same certificate configuration in your 2 virtual hosts in your example here.) – Bruno Jun 14 '12 at 10:34
  • When I put & try to access https://app1.example.biz I get: Erreur 107 (net::ERR_SSL_PROTOCOL_ERROR) : Erreur de protocole SSL – user124650 Jun 14 '12 at 10:44
  • PS: I know that I'm using the same certificate here; it's just an example, but I do have distinct ones – user124650 Jun 14 '12 at 10:45
  • I tried to forget about SSL for the moment and concentrate on reverse proxying with HTTP only. When I put and access http://app1.example.biz I get the index page of Apache :// – user124650 Jun 14 '12 at 10:50
  • I'm not sure what is dummy data and what's the actual config in your example, but it doesn't make sense to reverse proxy to itself. You should also typically use `ProxyPass / http://someotherhost:or-someotherport/` but not itself. – Bruno Jun 14 '12 at 11:09
  • Is this what you mean?? ServerName app1.example.biz ServerAlias app1.example.biz ProxyPass / http:/app1.example.biz/ ProxyPassReverse / https://app1.example.biz/ SSLEngine on SSLCertificateFile /etc/ssl/servwiki.crt SSLCertificateKeyFile /etc/ssl/servwiki.key SSLVerifyClient none #192.168.12.25 is the ip for app1.example.biz – user124650 Jun 14 '12 at 11:16
  • I mean don't use `ProxyPass / http://app1.example.biz/` within the virtual host for `ServerName app1.example.biz`, since it will redirect it back to itself. Typically, you'd want to reverse proxy `ServerName app1.example.biz` to `ProxyPass / http://internal.address:internal-port/` (for example `ProxyPass / http://localhost:8080/` if you're trying to proxy a Tomcat container). – Bruno Jun 14 '12 at 11:25
  • Thank you Bruno for your patience, but I can't seem to understand this. I have 2 internal servers app1.example.biz & app2.example.biz with IP addresses 192.168.12.25 & 192.168.12.23. That's all the information I have! I can't figure out how to set up even one virtualhost :(((( I give up, I'm sorry for your trouble – user124650 Jun 14 '12 at 11:42
  • What are you trying to use a reverse proxy for? Typically, `app1.example.biz` and `app2.example.biz` would have external IP addresses, served by the reverse proxy, and 192.168.12.x would be the addresses of the internal servers behind that proxy (not visible as `app1.example.biz` and `app2.example.biz`). – Bruno Jun 14 '12 at 12:18
  • We have one public IP address for: www.example.biz. app1 & app2 are on 2 different internal servers and have private addresses. – user124650 Jun 14 '12 at 14:09
  • Ah, in that case I'm not sure you fully understand what the reverse proxy is meant to do. You would normally only have one virtual host on your reverse proxy (for server name `www.example.biz`) and then have two `Proxy` directives, with different paths, for app1 and app2. – Bruno Jun 14 '12 at 14:37
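
An added example, not part of the original thread: the answer's third option (one address, one certificate per host, selected by SNI) written out as a proxy configuration, with each name forwarded to the internal address mentioned in the comments. The certificate file names are placeholders, and it assumes both public names resolve to the proxy and that the internal servers listen for plain HTTP on port 80.

```apache
# Needed on Apache 2.2 for name-based virtual hosts; has no effect on 2.4.
NameVirtualHost *:80
NameVirtualHost *:443

# Reverse proxy only: do not act as a forward proxy.
ProxyRequests Off

# Port 80: each name redirects to its own HTTPS URL.
<VirtualHost *:80>
    ServerName app1.example.biz
    Redirect permanent / https://app1.example.biz/
</VirtualHost>

<VirtualHost *:80>
    ServerName app2.example.biz
    Redirect permanent / https://app2.example.biz/
</VirtualHost>

# Port 443: both sections carry :443. The first one listed is also the
# default for clients that send no SNI name or an unknown one.
<VirtualHost *:443>
    ServerName app1.example.biz
    SSLEngine on
    # Placeholder paths: certificate whose name matches app1.example.biz
    SSLCertificateFile    /etc/ssl/app1.example.biz.crt
    SSLCertificateKeyFile /etc/ssl/app1.example.biz.key
    # Forward to the internal server, not back to the public name
    ProxyPreserveHost On
    ProxyPass        / http://192.168.12.25/
    ProxyPassReverse / http://192.168.12.25/
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.example.biz
    SSLEngine on
    # Placeholder paths: certificate whose name matches app2.example.biz
    SSLCertificateFile    /etc/ssl/app2.example.biz.crt
    SSLCertificateKeyFile /etc/ssl/app2.example.biz.key
    ProxyPreserveHost On
    ProxyPass        / http://192.168.12.23/
    ProxyPassReverse / http://192.168.12.23/
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload, and `openssl s_client -connect <proxy>:443 -servername app2.example.biz` shows which certificate the proxy presents for a given name.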